frappe-testing
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface where user-provided strings (site name, app name) are used within shell commands during the testing procedure.
- Ingestion points: Site name and app name inputs defined in
SKILL.md. - Boundary markers: None present in the provided instructions to delimit user input from command logic.
- Capability inventory: The skill executes subprocess commands via the
benchCLI and writes executable.pyand.jsfiles to the local filesystem. - Sanitization: No explicit sanitization or validation of user inputs is mentioned in the markdown procedures.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the
benchcommand-line utility to run tests, migrate sites, and setup environments. These actions are the primary and intended purpose of the skill for developers working with the Frappe framework. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard installations of
frappe-benchvia pip andcypressvia npm. These are widely used, reputable tools for the described ecosystem and are fetched from trusted public registries. - [CREDENTIALS_UNSAFE] (SAFE): Documentation examples in
references/ci-testing.mdandreferences/cypress.mduse default credentials (e.g., 'root', 'admin'). These are clearly provided as placeholders for development and CI/CD service containers rather than being hardcoded production secrets.
Audit Metadata